Cysiv has developed its own cloud-native, next-generation SIEM in response to the limitations, deployment challenges, and frustrations associated with traditional SIEMs.
Cysiv Command is a modern security operations and analytics platform, and the foundation for Cysiv's threat monitoring, detection, hunting, investigation, and remediation services.
It combines a number of essential technologies and functions into a single platform and applies a broad range of advanced data science techniques to automate the time-consuming, complex but essential activities and processes required for truly effective threat detection, hunting, investigation, and remediation.
SIEM backed by Data Lake
Our SIEM can complement, or for some customers replace, an existing SIEM investment, providing the following core SIEM functionality:
It’s backed by a massively scalable, purpose-built, indexed data lake, with tiered data storage (hot, warm, and cold) to better manage costs and support compliance requirements. Large customers get their own dedicated data lake.
Automated Threat Detection and Triage
Leverages a blend of signature-, behavior-, statistics- and algorithm-based (supervised and unsupervised machine learning) detection techniques to automatically identify potential threats with high confidence.
Cysiv aggregates logs into indicators, correlates them with integrated cyber intel, and then aggregates indicators into detections through its proprietary Indicator-Detection Engine. Security incidents are automatically prioritized based on their highest-severity detections, focusing attention on the investigation of the most critical detections first and thus streamlining analyst workload.
Ingested logs are parsed, cleansed, normalized, enriched, and indexed. During enrichment, logs are attributed with IP address, Active Directory, and critical asset data to provide important context during an investigation. Following indexing, Cysiv's rules engine correlates logs with integrated cyber intel to trigger high-fidelity indicators and detections. Enrichment of logs accelerates incident response times and increases analyst productivity.
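As an added illustration (not Cysiv's code, and not a description of how Cysiv Command is implemented), the following Python sketches the log, indicator, detection and incident stages described above: logs are normalized, enriched with asset context, correlated against intel to raise indicators, indicators are aggregated into per-host detections, and incidents are ranked by their highest-severity detection. The asset inventory, intel list, log lines and the critical-asset escalation rule are all constructed assumptions.

```python
from collections import defaultdict
LEVELS = ["low", "medium", "high", "critical"]
# Constructed asset inventory: source IP -> (hostname, AD account, critical asset?)
ASSETS = {"10.0.0.5": ("fs01", "svc_backup", True), "10.0.0.23": ("ws-jdoe", "jdoe", False)}
# Constructed threat intel: IOC value -> (IOC type, severity); the hash is a placeholder
INTEL = {"198.51.100.7": ("c2_ip", "high"), "deadbeef" * 4: ("malware_hash", "critical")}
# Constructed sample logs in a simple key=value format
LOGS = ["ts=1 src=10.0.0.23 dst=198.51.100.7 action=connect",
        "ts=2 src=10.0.0.5 dst=198.51.100.7 action=connect",
        "ts=3 src=10.0.0.5 hash=" + "deadbeef" * 4 + " action=exec",
        "ts=4 src=10.0.0.23 dst=203.0.113.10 action=connect"]

def parse(line):  # normalize one key=value log line into a dict
    return dict(kv.split("=", 1) for kv in line.split())

def enrich(event):
    """Enrichment: attach hostname, AD account and critical-asset flag to the event."""
    host, account, critical = ASSETS.get(event.get("src"), ("unknown", None, False))
    return {**event, "host": host, "account": account, "critical": critical}

def indicators(event):
    """Correlate enriched fields against intel; yield one indicator per IOC hit."""
    for field in ("dst", "hash"):
        if event.get(field) in INTEL:
            ioc_type, sev = INTEL[event[field]]
            yield {"host": event["host"], "type": ioc_type, "value": event[field],
                   "severity": sev, "critical": event["critical"]}

def detections(inds):
    """One detection per (host, IOC type): max indicator severity, +1 level on critical assets."""
    groups = defaultdict(list)
    for ind in inds:
        groups[(ind["host"], ind["type"])].append(ind)
    out = []
    for (host, ioc_type), group in groups.items():
        level = max(LEVELS.index(i["severity"]) for i in group)
        level = min(level + group[0]["critical"], len(LEVELS) - 1)  # constructed escalation rule
        out.append({"host": host, "type": ioc_type, "severity": LEVELS[level], "count": len(group)})
    return out

def incidents(dets):
    """One incident per host, ranked by its highest-severity detection (most critical first)."""
    by_host = defaultdict(list)
    for det in dets:
        by_host[det["host"]].append(det)
    result = [{"host": h, "severity": max((d["severity"] for d in ds), key=LEVELS.index),
               "detections": ds} for h, ds in by_host.items()]
    return sorted(result, key=lambda inc: LEVELS.index(inc["severity"]), reverse=True)

def run_pipeline(lines):  # parse -> enrich -> indicators -> detections -> prioritized incidents
    return incidents(detections(i for line in lines for i in indicators(enrich(parse(line)))))
```

Running `run_pipeline(LOGS)` ranks the critical file server (two detections, escalated to critical) ahead of the workstation with a single high-severity C2 indicator; the fourth log line matches nothing and raises no indicator.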
User and Entity Behavior Analytics (UEBA)
Leverages machine learning methods to augment and enhance rule-based threat detection with user and entity behavior analytics. Standard profiles and behaviors are built for users and hosts over time, and any activity that deviates from these baselines is flagged as suspicious.
Threat Intelligence Platform
Collects, classifies, corroborates, and scores large volumes of unstructured and highly related IOCs, resulting in all-source, finished intelligence that is integrated into the Cysiv platform. IOC sources include dozens of high-quality curated feeds from around the world, Cysiv-generated IOCs, and community-sourced IOCs from customers that have opted in to share them.
Incident Response Workflow
Provides workflow capabilities based on the NIST Incident Response Life Cycle, with tight integration, transparency, and seamless communication and collaboration during detection handling and incident management. Supports integrations with third-party case management and incident response platforms. Embedded runbooks guide and standardize incident investigation and response activities and also support customer-specific procedures.
Network Traffic Analysis
Analyzes flow records and network traffic metadata to build models of normal behavior and detect abnormal north/south and east/west traffic patterns. Traffic analysis also supports investigations and improves the fidelity of user- and entity-based detections.
Compliance and Risk Reporting
Customizable, curated dashboards and reports provide essential information and visibility for a variety of personas in the security operations organization, including analysts/IR, engineers, executives, and compliance/risk managers. Reporting supports a variety of common compliance and regulatory frameworks.